II. Creating Crypter Modules

Crypters are Input Modules that convert plaintext shellcode into ciphertext. Below is a template for creating a Crypter module.

Template:

import base64
import hashlib
import config
import core.helpers.crypto

from base.input.crypter.crypter import Crypter  

class MCrypter(Crypter):

    def __init__(self):

        self.name = ''
        self.mtype = 'crypter'
        self.author = ''
        self.description = ''  

        self.compatible_interfaces = [
        ]

        self.compatible_omodules = [
        ]

    def add_arguments(self):
        #self.parser.add_argument(...
        pass

    def encrypt(self, pt, ekey_val):

        if type(pt) != bytes:
            pt = pt.encode()

        # encryption happens here
        return {

            'pt' : pt,
            'ekey' : ekey_val,
            #'ct' : ct,
            'options' : self.args.__dict__,     
        }

Required Structure:

Crypter modules meet the following requirements:

• Must be of type MCrypter
• Must inherit from type Crypter
• As with all modules, must make a call to super().__init__() at the start of the constructor.
• Must have an encrypt() function (defined in the following subsection)

Required Function: encrypt()

All Crypter modules must have an encrypt() function that accepts plaintext shellcode and an encryption key as input, performs some action, and then returns a dictionary containing the plaintext, encryption key, ciphertext, as well as any command line arguments passed to the module.

• Required inputs (positional arguments, in order): plaintext, ekey_val
• Required output (dictionary with the following minimum structure): { 'pt' : plaintext, 'ekey' : ekey_val, 'options' : self.args.__dict__ }

Required Attributes:

• name - the name of the module

• mtype - the module type (must be set to 'crypter')

• author- the name of the module author

• description - a brief description of what the module does

• compatible_interfaces - a list of interface modules that are compatible with the module

• compatible_omodules - a list of compatible output modules (for example, a ekey module will have a list of compatible dkey modules)

Creating Crypter Modules Using the DropEngine Module Maker

DropEngine's Module Maker can be used to easily create a skeleton from which to build a crypter module, as shown in the following example.

Command:

python csharp_module_maker.py \
--type crypter \
--name test_module \
--author s0lst1c3 \
--description itsacrypter \
--compatible-omodules asdf \
--compatible-interfaces csharp_runner_interface

Example Output:

python csharp_module_maker.py \
--type crypter \
--name test_module \
--author s0lst1c3 \
--description itsacrypter \
--compatible-omodules asdf \
--compatible-interfaces csharp_runner_interface 

[*] Saved new module to path: modules/input/crypters/test_module.py